12-05-2007 07:39 AM - edited 03-05-2019 07:50 PM
We are running port-security on a 3750-48PS-S switch running C3750-ipbasek9-mz.122-25.SEE IOS and we are experiencing a strange problem. We have a data VLAN and a voice VLAN configured on each port, and we then run port-security sticky on each port with a maximum of 2 MAC addresses. PCs are connected behind Cisco IP phones. This is our standard config and normally we have no problem. On this switch, though, as soon as we turn on port security all of the PCs are black-holed. You can't ping them or RDP to them, and from the user perspective they have no network access. The IP phones work fine and we show the MAC address from the phone and the PC as SecureSticky addresses. The switch never shows the ports down due to a port-security violation. As soon as I disable port-security the PCs are restored to traffic. I've included a sample of our port configs.
12-05-2007 07:59 AM
Try these commands:
switchport port-security maximum 1 vlan voice
switchport port-security maximum 1 vlan access
12-05-2007 09:24 AM
Found the problem... somehow the MAC address of the default-gateway router was entered/learned by one of the FastEthernet ports and was written into the config as a sticky MAC address. So during the ARP process all the PCs were fooled into thinking the default gateway was on a local Ethernet port. Cleared the MAC address and everything is good now. Please close this thread.
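A check for the failure described in the last post, as an added example that is not part of the original thread: it scans a saved running-config for sticky secure MAC addresses and reports any access port that has pinned a known infrastructure MAC such as the default gateway. The sample config, interface names and MAC addresses are constructed, and the list of infrastructure MACs is an assumption you would supply from your own records.

```python
import re

# Constructed sample running-config; interfaces and MACs are made up.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport access vlan 10
 switchport voice vlan 20
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.aaaa.0001
 switchport port-security mac-address sticky 0011.bbbb.0001 vlan voice
!
interface FastEthernet1/0/2
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00de.adbe.ef01
 switchport port-security mac-address sticky 0011.bbbb.0002 vlan voice
!
"""

IFACE_RE = re.compile(r"^interface (\S+)")
# Matches only lines that carry a learned address, not the bare "sticky" enable line.
STICKY_RE = re.compile(
    r"^\s+switchport port-security mac-address sticky ((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})")

def normalize(mac):
    """Reduce dotted, colon or dash MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def sticky_macs(config):
    """Return {interface: [sticky MACs]} parsed from running-config text."""
    ports, iface = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
        elif line.startswith("!"):
            iface = None  # end of the interface stanza
        elif iface and (s := STICKY_RE.match(line)):
            ports.setdefault(iface, []).append(normalize(s.group(1)))
    return ports

def audit(config, infrastructure_macs):
    """List (interface, mac) pairs where an infrastructure MAC is sticky on a port."""
    infra = {normalize(m) for m in infrastructure_macs}
    return [(iface, mac) for iface, macs in sticky_macs(config).items()
            for mac in macs if mac in infra]

if __name__ == "__main__":
    # Assumed gateway MAC, given in colon notation as many tools print it.
    for iface, mac in audit(SAMPLE_CONFIG, ["00:DE:AD:BE:EF:01"]):
        print(f"{iface}: sticky entry {mac} belongs to infrastructure, review and clear it")
```

Running it against a config backup before saving sticky entries to startup-config catches this condition even though the switch logs no port-security violation.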